On July 29, 2016, the board of directors of the Federal Deposit Insurance Corporation (FDIC) released a proposal regarding third-party lending guidance ("Proposed Guidance") as part of a package of materials designed to "improve the transparency and clarity of the FDIC's supervisory policies and practices." The Proposed Guidance elaborates on previously issued agency guidance on managing third-party risks1 and, if finalized, could apply to all FDIC-supervised institutions that engage in third-party lending programs.
The Proposed Guidance affirms that an institution's board of directors and senior management are responsible for managing, identifying and controlling the risks associated with lending activities conducted through third parties, and the FDIC will evaluate third-party lending activities conducted on behalf of a financial institution as though the institution itself had performed those activities.
The Financial Institution Letter accompanying the Proposed Guidance states that the guidance is "intended to provide FDIC-supervised financial institutions and examiners with clear expectations" with respect to the FDIC's evaluation of the institutions' management and assessment of third-party lending arrangements and associated risks. Accordingly, the Proposed Guidance describes the agency's expectations for the maintenance of a risk-management program. After outlining the risks that may be associated with third-party lending, the Proposed Guidance sets forth elements of a third-party lending risk-management program that can mitigate these risks: strategic planning, the establishment of policies, risk assessments to evaluate whether to enter into a relationship with a third-party lender, due diligence and ongoing oversight of third parties once a relationship has been established, and the structuring and review of contracts with third-party lenders to clearly establish the rights and responsibilities of the financial institution and the third party. A financial institution's third-party lending risk-management program and policies "should be commensurate with the significance, complexity, risk profile, transaction volume, and number of third-party lending relationships."
The Proposed Guidance also outlines supervisory considerations and examination procedures related to third-party lending. These considerations include:
- Credit underwriting and administration;
- Capital adequacy;
- Accounting and allowance of loan and lease losses;
- Consumer compliance;
- Bank Secrecy Act and anti-money laundering;
- Safeguarding customer information; and
- Information technology.
With respect to examination procedures, the Proposed Guidance provides that institutions engaging in "significant lending activities through third parties" would receive "increased supervisory attention, including a 12-month examination cycle, concurrent risk management and consumer protection examinations, offsite monitoring, and possible review of third parties." An institution could also see increased frequency of examination activities if the FDIC determines the institution's program has material weaknesses or an increase in origination volume or number of arrangements with third-party lenders.
On August 4, 2016, the FDIC extended the comment period for the Proposed Guidance by 45 days in response to requests from "interested parties." Comments on the Proposed Guidance are now due on October 27, 2016.
1 Guidance for Managing Third-Party Risk (Financial Institution Letter (FIL) 44-2008, June 6, 2008), https://www.fdic.gov/news/news/financial/2008/fil08044.html.
Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Morrison & Foerster LLP. All rights reserved